I've created a service account for a scheduled task on our 2008R2 server. The task runs a PowerShell script, which will, among other things, download an archive from a Linux server every time it is run using PuTTY's pscp. However, it does not work, since the service account has never connected to that server before, and does not know its host key. Reading the manual and searching, it turns out that these keys are stored in the registry, under HKEY_USERS\<SID>\Software\SimonTatham\PuTTY\SshHostKeys. But here enters the problem: The service account does not have a local profile, since it is not allowed local login. And therefore it does not have an entry in HKEY_USERS.

So, how can this be fixed? I doubt it'd be a very good idea to just create the SID key under HKEY_USERS, but there must be some workaround? Could I put this in some default user key?

I was thinking about doing that as a last resort. We will need to do this on several more servers in the future, and it's a manual step (or rather half a dozen manual steps) I'd rather avoid.
– carlpett Mar 27 '12 at 20:03

Does the service account not have a profile folder in %SystemDrive%\Users?
– Chris McKeown Mar 27 '12 at 20:52

However, you've already got a PowerShell script running that should be capable of writing to its own HKEY_CURRENT_USER registry hive. And I assume the host key of your Linux server isn't changing that often. So why not just have the PowerShell script write the appropriate value to the registry before it starts making the pscp calls?

You find the {name} and {value} from another user's session who has already accepted the key. HKEY_USERS\<SID> is the same as the root of HKEY_CURRENT_USER for the user who matches that SID. So as long as you reference HKEY_CURRENT_USER from both accounts, the path to the host keys should be the same.

Hi! Yeah, I read that "we won't fix it"-note. Would be great if I could at least supply the host key I expect, but no such luck... The problem with your suggested approach as I see it is that there is no HKEY_USERS\[...] for this user, since it has never logged on. I don't think just creating it with regedit is going to be a very good idea, or am I just cowardly?
– carlpett Mar 28 '12 at 21:24

The HKCU hive is created as soon as your task starts running as that user for the first time on the machine. You don't need to pre-create anything. Just include a line in the script right before the pscp calls that writes the value you need.
– Ryan Bolger Mar 29 '12 at 18:13
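
The approach from the answer and the last comment, as an added example that is not part of the original posts: the script pins the expected host key in its own HKEY_CURRENT_USER hive and then runs pscp non-interactively. The value name and data are placeholders to be copied from an account that has already verified the key; the pscp path, remote source and destination are assumptions, and authentication options are left to whatever the existing script already passes.

```powershell
# Added example: pin the Linux server's SSH host key for the account running the task.
# $HostKeyName / $HostKeyValue are placeholders: copy the real value name and data from
# HKCU:\Software\SimonTatham\PuTTY\SshHostKeys of a user who has already verified
# and accepted the key.
$HostKeyName  = '<value name copied from the other account>'
$HostKeyValue = '<value data copied from the other account>'
$KeyPath      = 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys'
$Pscp         = 'C:\Program Files (x86)\PuTTY\pscp.exe'      # assumed install path
$Source       = 'user@linuxserver:/path/to/archive.tar.gz'   # hypothetical
$Destination  = 'D:\Incoming\'                               # hypothetical

# HKCU is this account's own hive; create the PuTTY key path only if it is missing
# (New-Item -Force on an existing key would clear it, hence the Test-Path guard).
if (-not (Test-Path $KeyPath)) {
    New-Item -Path $KeyPath -Force | Out-Null
}

# Write only when the stored key is absent or differs, and report a difference so
# that an unexpected change to the stored key shows up in the task's output.
$existing = (Get-ItemProperty -Path $KeyPath -Name $HostKeyName -ErrorAction SilentlyContinue).$HostKeyName
if ($existing -ne $HostKeyValue) {
    if ($existing) {
        Write-Warning "Stored host key '$HostKeyName' differed from the pinned value; resetting it."
    }
    Set-ItemProperty -Path $KeyPath -Name $HostKeyName -Value $HostKeyValue
}

# -batch disables interactive prompts, so a server presenting a key other than the
# pinned one makes pscp fail instead of waiting for input that never comes.
& $Pscp -batch $Source $Destination
if ($LASTEXITCODE -ne 0) {
    throw "pscp failed with exit code $LASTEXITCODE (host key mismatch or transfer error)"
}
```

Because the key is pinned rather than accepted on first use, a changed host key on the server stops the transfer until someone verifies the new key and updates the two placeholder values.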